A company's email server has a known vulnerability that is being actively exploited in the wild. Based on reports, the vulnerability has been exploited in an average of two companies per month over the last year. Given this information, what is the Annualized Rate of Occurrence (ARO) for potential exploits of this vulnerability in the company's email server?
The ARO represents how often in a year an event is expected to occur. The information provided states that the vulnerability has been exploited in an average of two companies per month over the past year. Since the ARO is annual, this monthly rate must be multiplied by 12 to obtain the annual rate. Thus, 2 exploits per month * 12 months per year = 24, which is the ARO for the company.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Annualized Rate of Occurrence (ARO)?
Open an interactive chat with Bash
How do you calculate ARO from monthly data?
Open an interactive chat with Bash
Why is it important to know the ARO for vulnerabilities?